Azure 函数:在您的函数应用程序中检测到主机脱机
Azure function: Detected host offline in your function app
我们有一个与 VNET 集成的 Azure Functions。函数使用 Key Vault 从中读取配置值。 MSI 已在功能上启用,并在 KV 中添加访问策略以允许功能访问它。到 Key Vault 的流量被限制为允许来自所述 VNET。我们昨天在诊断中收到了这个错误,这影响了我们的执行流程。应用程序离线几分钟导致失败。诊断报告是这样说的:
Detected host offline in your function app.
Description
A host error has occurred during startup operation 'd732fccb-40ae-40a1-8d14-ea3cdba0e725'.
Last offline at
5/4/2021 10:32:13 AM
Details
Microsoft.Azure.KeyVault.Models.KeyVaultErrorException : Client address is not authorized and caller is not a trusted service.
Client address: x.x.x.x
功能在停机约4分钟后开始正常运行。这可能是 VNET 集成的问题。
有没有人遇到过这个?有什么办法可以防止这种情况吗?
在这种情况下,您可以添加 azure 函数的应用程序设置 WEBSITE_VNET_ROUTE_ALL = 1,这将强制所有出站流量从 azure 函数进入该 VNet。
When you route all of your outbound traffic into your VNet, it's
subject to the NSGs and UDRs that are applied to your integration
subnet. When WEBSITE_VNET_ROUTE_ALL is set to 1, outbound traffic is
still sent from the addresses that are listed in your app properties,
unless you provide routes that direct the traffic elsewhere.
我们有一个与 VNET 集成的 Azure Functions。函数使用 Key Vault 从中读取配置值。 MSI 已在功能上启用,并在 KV 中添加访问策略以允许功能访问它。到 Key Vault 的流量被限制为允许来自所述 VNET。我们昨天在诊断中收到了这个错误,这影响了我们的执行流程。应用程序离线几分钟导致失败。诊断报告是这样说的:
Detected host offline in your function app.
Description
A host error has occurred during startup operation 'd732fccb-40ae-40a1-8d14-ea3cdba0e725'.
Last offline at
5/4/2021 10:32:13 AM
Details
Microsoft.Azure.KeyVault.Models.KeyVaultErrorException : Client address is not authorized and caller is not a trusted service.
Client address: x.x.x.x
功能在停机约4分钟后开始正常运行。这可能是 VNET 集成的问题。 有没有人遇到过这个?有什么办法可以防止这种情况吗?
在这种情况下,您可以添加 azure 函数的应用程序设置 WEBSITE_VNET_ROUTE_ALL = 1,这将强制所有出站流量从 azure 函数进入该 VNet。
When you route all of your outbound traffic into your VNet, it's subject to the NSGs and UDRs that are applied to your integration subnet. When WEBSITE_VNET_ROUTE_ALL is set to 1, outbound traffic is still sent from the addresses that are listed in your app properties, unless you provide routes that direct the traffic elsewhere.